FAQs

The FIAU is the national central agency in Malta that is responsible for combating money laundering and the funding of terrorism (ML/TF).

The core functions of the FIAU are the following:

• Intelligence Analysis which receives, processes and analyses information and data obtained from domestic and international sources to generate useful intelligence. When the FIAU has reasonable suspicion of ML/FT, the intelligence gathered is disseminated to the police for criminal investigation. In fulfilling its functions, the Intelligence Analysis Section also disseminates intelligence to other domestic authorities, and foreign counterparts, both spontaneously and upon request.
• Supervision which identifies and assesses ML/FT risks posed by subject persons and monitors compliance with their Anti-Money Laundering and Combating the Funding of Terrorism (AML/CFT) obligations. The Supervision Section also engages with subject persons to take remedial actions to address certain compliance shortcomings and follow-up on the same.
• Enforcement which determines the administrative measures necessary in relation to identified AML/CFT breaches committed by subject persons and follows up on the implementation of any required remedial action.

Other functions of the FIAU, include:

• Guidance and Outreach to assist subject persons to understand their AML/CFT-related obligations, to communicate the FIAU’s expectations when it comes to their implementation and to foster and improve a stronger culture of compliance, through the provision of training, guidance and assistance.
• Cash Restriction which monitors compliance of the general public with the Use of Cash (Restriction) Regulations.
• Centralised Bank Account Register (CBAR) which administers and manages the data collection and retrieval system for information on accounts identifiable by IBAN, safe deposit boxes and safe custody services provided by Maltese credit and financial institutions. The system is accessible exclusively to the FIAU and other designated national competent authorities for the purposes of fighting ML/FT and other serious criminal offences.

For a more detailed explanation of all the different functions of the FIAU and on the manner such functions are carried out, please click on the following link: What We do

The FIAU does not investigate ML/FT from a criminal perspective, nor does it investigate any predicate offences – this is the remit of the Malta Police. The FIAU receives and analyses reports on suspected cases of ML/TF. Its final objective is to provide the police with credible leads i.e. intelligence, on cases the FIAU has reasonable grounds to suspect ML/FT. Criminal investigations carried out by the Malta Police gather, analyse, and collect evidence related to ML/FT with the aim of identifying perpetrators, and building a case to any eventual prosecution in front of the Courts.
In addition to the analytical function, the FIAU has supervisory powers. The latter means that the FIAU is empowered to supervise subject persons to ensure their adherence with applicable AML/CFT obligations emanating from applicable legislation.

As per Article 13 of the Prevention of Money Laundering Act (PMLA) and Regulation 21 of the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR), the FIAU has the power to impose administrative measures. These include administrative penalties, remediation or follow-up directives, termination of particular business relationships, written reprimands or other measures that can be imposed by the FIAU:

– when it has concerns with a subject person’s application of its AML/CFT obligations and the identification of breaches of provisions of the PMLFTR, or any binding procedures or guidance issued thereunder,

– when it identifies failures to comply with lawful requirements, orders or directives issued by the FIAU

Further information in relation to the above can be found by clicking on the following link:

Administrative Measures

The Implementing Procedures Parts I and II (IPs), as well as general and sectorial guidance documents issued by the FIAU may be accessed by clicking here: https://fiaumalta.org/how-we-do-it/main-procedures-guidance/

As per Regulation 17 of the PMLFTR, the Implementing Procedures which are issued by the FIAU to assist subject persons in understanding and fulfilling their obligations under the PMLFTR are legally binding.

Besides the Implementing Procedures, the FIAU also publishes Guidance Notes and Interpretative Notes to further substantiate, clarify and improve the understanding of subject persons regarding topics or specific obligations which emanate from the legally binding PMLFTR and the Implementing Procedures. This implies that subject persons are expected to adhere to the explanations and guidance provided in these Guidance and Interpretative notes issued by the FIAU.

Subject persons may refer to the recordings of various webinars organized by the FIAU. They may be accessed from the following page: https://fiaumalta.org/courses-events/webinars/

Subject persons may also refer to the presentations uploaded on the website following past training events that were held. These may be accessed from here: https://fiaumalta.org/courses-events/courses-by-fiau-2/past-courses/

Subject Persons may send any queries to our designated email address on [email protected]

This can be done by subscribing to the FIAU’s newsletter from the website. Newsletters are sent regularly to update subject persons:

• on important updates at a national and/or international level,
• whenever training events are organized by FIAU,
• whenever new guidance documents and consultation documents are issued by the FIAU and/or international authorities such as the FATF, the EBA, EUROPOL etc.

Interested parties should refer to the following page for the procedure on requesting FIAU participation in third-party training events. The page outlines the criteria the FIAU uses to decide whether to accept a request, and provides a standardised form for submitting such requests.

Any legal or natural person carrying out either relevant financial business or relevant activity as defined under Regulation 2 of the PMLFTR may receive a request for information and are liable to reply to the same within five (5) working days, unless otherwise stipulated by the FIAU.

Since the launch of goAML in June 2020, requests for information are no longer transmitted via email but through the subject person’s message board on goAML.
Further information on this is available through the following notification: https://fiaumalta.org/wp-content/uploads/2020/06/FIAU-goAML-Notification.pdf

Subject persons are notified through an email notification alert highlighting that there is a new message on the goAML message board. This email notification alert is directed at the organisation’s email address listed by the subject person on their respective goAML account.
Kindly note, that the system only accepts one email per organisation, however, should the subject person deem it necessary for several officers to receive notifications, there is the facility to include a group email address. The organisation email address may be changed as required, when necessary, by the Reporting Entity Administrator (RE Admin) registered on goAML. However, it is
entirely up to the subject person to decide how best to receive email notifications, ensuring that such notifications are duly and effectively acted upon.

Automated emails may be directed to spam/junk folders. Whitelisting the goAML automated email address can minimise these instances, though this is not foolproof. It is therefore expected that subject persons not only whitelist the system’s email address but also regularly review the content within spam/junk folders. Otherwise, subject persons are also encouraged to frequently check their goAML message board to ensure that any request for information requiring action is effectively addressed within the stipulated timeframes.

Yes. Since the goAML system does not accept the same email address to be registered to more than one entity, when an individual holds multiple MLRO appointments, he/she should ensure that the ‘delegation to parent’ procedure is carried out to ensure emails, are directed to an existent email address.
You can do so by registering yourself as an organization but specifying that you are a Professional. Once all your entities are separately registered with their unique email address, you can log in on each entity and delegate control to your MLRO organizational ID. When you log in with your MLRO account, you will see a drop down with your entities delegated to you for your control.
If the new organisation is not yet registered on goAML, a New Delegating organisation may be created through the ‘main’ organisation’s profile. The new organisation is created through the delegation itself, therefore, the same email address may be used, and no new user is created.

While frequent access to the goAML message board is highly encouraged, subject persons may decide to implement other measures they deem appropriate as long as the obligations emanating from Regulation 15(8) of the PMLFTR are honoured. Subject persons are encouraged to access their entity’s message board as frequently as possible irrespective of receipt of any email notifications. Furthermore, while the majority of requests for information are to be responded to within 5 working days, in more urgent cases, the FIAU may invoke its powers at law to request information in a lesser timeframe. In such cases the stipulated timeframe is communicated in the request but is not evident in the automated email notification.

Section 5.1.1 of the Implementing Procedures (IPs) stipulates that in terms of Regulation 15 of the
PMLFTR, the MLRO is required to respond promptly to any request for information. However, the MLRO may delegate and/or be assisted by other employees falling under his/her supervision. Additionally, Section 5.2 of the IPs outlines that considering the desired functions by the MLRO, it is
imperative that he/she is available at all times, yet it is understandable that this may not always be possible.
Hence, subject persons are to consider whether to register more than one user to assist and, whenever necessary, temporarily replace the MLRO when absent. It is however imperative for subject persons to understand that the email notification alert that there is a new message on the goAML message board will only be sent to the persons included in the recipients list.

Yes. Subject persons should ensure the information/data on their respective registration, is duly amended, and maintained correct and up to date. Relevant changes requiring updates may include a change in MLRO, other registered users of the subject person, email address/es, company name changes, any upcoming surrender of licence etc. The person with Admin Rights can affect the necessary changes him/herself and approve or change the rights of any new/existing users as well as assign/revoke Admin Rights. Further information on this is available through the following notification:
https://fiaumalta.org/wp-content/uploads/2021/09/goAML-Web-Forms-and-Registration-UserInterface.pdf goAML and CASPAR are two separate systems with different functions altogether and are administered by two separate sections within the FIAU. The systems are not affiliated or connected to each other and neither of them has visibility of the data either holds. Therefore, it is important to contact/inform both sections separately of any changes occurring within the SP’s set
up.

The subject person’s attention is drawn to the fact that it may receive multiple requests for information bearing the same case reference number and that some, may also be transmitted on the same date within mere hours of each other. Despite this, each request for information should be considered as a separate, individual request since the content of the attached ‘Standard Enquiry to……’ document and the information sought, invariably differ. Consequently, all should be considered as separate requests that require being replied to

Yes. Subject persons are required to respond to each request separately, by replying to the same message received through goAML’s message board. Similarly, in cases where affiliated companies all providing relevant activity, receive requests for information about the same subjects, responses to such requests are to be made on behalf of every company. This even in the case of multiple MLRO appointments.

What if the subject person has no relationship with the person/entity about whom/which the information is being requested?

Subject persons who are still licensed by a relevant authority, irrespective of whether they are servicing customers or not and irrespective of whether operations have ceased, must reply to any requests for information and within the required timeframes. Hence, requests for information transmitted during a period of licence suspension and/or prior the effective termination of a subject person’s licence, must be duly replied to.

The Unit has two teams offering generic and technical assistance, to better support subject persons with any issues encountered. You may contact [email protected] for genera support and [email protected] for your technical queries. Further information is available through the following notification: https://fiaumalta.org/wp-content/uploads/2020/06/FIAU-goAML-Notification.pdf

The enforcement section carries out a periodic exercise to monitor subject person compliance to the requirement to reply to requests for information within the stipulated deadlines. Information about no and/or late replies is provided by the Intelligence Analysis Section, which information leads to the issuance of potential breaches letters to each subject person who either did not reply
or otherwise replied following the stipulated deadlines. Subject Persons are given a 30-day time period to provide representations. The Committee considers the subject person representations and determines whether there was an actual breach of Regulation 15(8) of the PMLFTR and if so determine the administrative measures to impose for such breaches.

Subject Persons are required to ensure adherence to Regulation 15(8) of the PMLFTR, albeit after the stipulated timeframes. Moreover, subject persons are required to ensure that representations are submitted within the timeframes stipulated in the potential breaches letter.

If there is a justified reason for late and/or failure to reply to requests for information this should be clearly explained. This will assist the Compliance Monitoring Committee in determining the appropriate administrative action to impose. One should keep in mind that there are a number of unjustified reasons including:

• Reference to workload. Subject persons are given reasonable time to reply to requests for information and this is a legal obligation that should be given equally importance to any other workload. The FIAU acknowledges the effort required to respond to such requests, however, subject persons that are not in a position to honour such obligation for justifiable reasons should immediately inform the FIAU’s Intelligence Analysis Section and request an extension.
• The resignation of MLROs, changes in management or other key officials. In the absence of the responsible person handling the requests from the FIAU, subject persons ought to have a designated employee or a competent team member to handle such requests for the intervening time, said member should have unrestricted access to any relevant information held by the subject person that would allow them to answer to requests made by the FIAU in a timely manner.
• Not knowing of the obligation to submit a NIL reply. As stated in the request for information, subject persons are still required to reply back accordingly on the Message Board. In the absence of a reply, the FIAU will not know whether the subject person held any important information for the FIAU’s Analysis Section to be able to fulfil its function and analyse the information received.
• Not knowing of the request for information. Instructions and reminders regarding the FIAU’s utilisation of the goAML platform to request information had been communicated to all Subject Persons by the FIAU through various electronic means on numerous occasions.
• Technical difficulties. Since the outset of the launch of goAML, the Unit had setup two teams including a technical one, this to ensure sufficient resources are in place to support subject persons with any issues encountered at the time. These support channels for goAML related issues, are still actively assisting subject persons to this day and one need only reach out for the related assistance to be provided.

All potential breaches of the AML/CFT legislative provisions are brought before the Compliance Monitoring Committee, being the internal Committee set up to determine breaches of the law and determine the most appropriate administrative measure to impose in line with is internal policies and procedures. The Committee must ensure that the administrative measures it imposes are always proportionate, effective and dissuasive. In determining the administrative measure, the Committee
considers:

• Subject Person Representations. Refer to the previous question as to how to provide representations and what should be included.
• The seriousness of the breach committed. In such circumstance, the Committee considers whether it is a complete no-reply or otherwise a late reply, and in the latter instance the days within which the request was replied to late. The relevant activity or relevant financial business undertaken by the subject person is also factored in.
• The importance of the obligation being breached, particularly the risks of hindering the FIAU’s Analytical Function
• In determining the seriousness of the breach committed, incorrect replies that may jeopardise the ability of the FIAU’s Intelligence Analysis Section to carry out its functions appropriately and effectively are also considered as aggravating the subject person’s breaches at law.
• Repeated non- compliance. Subject Persons who repeatedly fail to reply to request for information within the stipulated timeframes are given heftier penalties in view of their repeated lack of regard towards their obligation at law. Repeated non-compliance may also lead to the taking of other administrative measures the FIAU is empowered to take including the imposition of a Directive to take corrective actions.

Any subject person (legal or natural) carrying out either relevant financial business or relevant activity as defined under Regulation 2(1) of the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) is obliged to submit the REQ. This unless you have been exempted from submitting the REQ by the FIAU or otherwise you solely classify as a:

• Tied Insurance Intermediary
• VFA Issuer
• Dealers in high value goods (including car dealers, art dealers and dealers in precious metals and goods)
• Land based operator other than casinos, or
• Regulated markets/Central Securities Depository (The Malta Stock Exchange)

Data covering the prior calendar year for which the REQ has been issued. E.g., The REQ issued in February/March 2023 covers the reporting period 1 January 2022 to 31 December 2022.

Yes. Each subject person must complete a separate REQ and provide information that is specific to that subject person. Even if subject persons form part of the same group, and controls may be the same, a separate REQ is to be completed for each subject person.

In line with Regulation 15 of the PMLFTR and Chapter 5 of the IPs, subject persons are to appoint one of their officers as the MLRO. In exceptional circumstances when the MLRO originally registered no longer holds this position and/or the new MLRO is yet to be approved by the relevant authority, the subject person must immediately inform the FIAU. They must also provide the FIAU with the details of the employee who, for the interim period, will be assuming the role of MLRO and to whom the FIAU can address any requests or queries. This individual must meet the requirements in Section 5.1.2 of the IPs Part 1 and needs to be able to duly complete and submit the REQ on behalf of the subject person.
It is essential for subject persons to ensure that the FIAU’s records are duly updated with any changes to their appointed MLRO. In no instance should subject persons be operating without such assigned personnel.

Yes. Subject persons who do not require a license, but have commenced operations classifying as ‘relevant activity’ as defined under Regulation 2(1) of the PMLFTR in the year prior to the issuance of the REQ, are still required to complete and submit the REQ.
If not already registered on the Compliance and Supervision Platform for Assessing Risk (CASPAR) portal, the MLRO needs to register and create a subject person record on the portal. Guidance on the registration process is available in Section 3 of the CASPAR User Guide: https://fiaumalta.org/wp-content/uploads/2021/02/User-Guide-CASPAR-V8-11.02.2021.pdf

Subject persons which have ceased to provide ‘relevant activity’ as defined under Regulation 2(1) of the PMLFTR, are to immediately inform the FIAU by emailing [email protected] and provide a declaration to this effect. If accepted by the FIAU, the subject person shall not be required to complete the REQ.

If not already registered on the CASPAR portal, your MLRO needs to register and create a subject person record on the portal. Guidance on the registration process is available in Section 3 of the CASPAR User Guide [1]. The MLRO is to submit the REQ the year after which the license has been obtained.

E.g., If the license was obtained throughout 2023, the subject person is exempt from completing the REQ launched in February/ March 2023 (which covers the reporting period January 2022 to 31 December 2022). However, the subject person would then be required to complete the REQ launched the following year (2024) which requires reporting on the base year 2023, commencing from the day the license was obtained

Yes. Subject persons are required to complete the REQ irrespective of whether operations have commenced or not. This unless the subject person is exempted in line with Q6 (A).

Yes. Subject persons who are licensed by a relevant authority must complete the REQ irrespective of whether operations have ceased. Such licensed entities are required to complete and submit subsequent REQs up until their license is effectively terminated, cancelled, or surrendered.

To ensure that the REQ is completed and submitted in a timely manner, subject persons are encouraged to start compiling the REQ immediately when launched by the FIAU.
Should any technical issues be encountered, subject persons are to refer to Section 5 of the CASPAR User Guide link below and if the issue cannot be resolved in this manner, they are to email on [email protected] for further assistance.

It is important for subject persons to submit the REQ within the deadlines stipulated by the FIAU on its website. Failure to do so hinders the FIAU’s ability to conduct its supervisory function in a risk-based manner and may result in the imposition of administrative measures in line with Regulation 21 of the PMLFTR on such subject persons. Despite this, post the FIAU’s deadline, subject persons are still encouraged to duly submit the REQ as this will still aid in the FIAU’s supervisory process and will result in a less stringent administrative measure to be imposed for the subject persons failure to submit within the FIAUs deadline.

In this circumstance, the FIAU will not have the necessary information to carry out a comprehensive risk assessment on the subject person. Since the REQ would not be available to risk assess the subject person, a heightened risk rating is assigned to these subject persons. Additionally, administrative measures in line with Regulation 21 may also be taken on subject persons who fail to submit the REQ within the stipulated timeframes.

The FIAU’s enforcement section carries out a yearly periodic exercise to monitor subject persons compliance with their requirement to submit the REQ within the stipulated deadlines. Information about non or late submission is provided by the FIAU’s Supervision section, this information leads to the issuing of potential breaches letters to each subject person who either did not submit the REQ or submitted the questionnaire late. Subject persons are then given a 30-day time period to provide representations, following this, each case is presented to the FIAU’s Compliance Monitoring Committee (the Committee). The Committee considers the subject person’s representations and
determines whether there was an actual breach of Regulation 19 of the PMLFTR and if so, determines the administrative measure(s) to impose for the breach.

Subject persons are required to ensure that representations are submitted within the timeframes stipulated in the potential breaches letter. Unless already submitted, the subject person is also encouraged to submit the REQ despite being late.

The Use of Cash (Restrictions) Regulations are a set of legal provisions that make it illegal to make or receive cash payments of €10,000 or more for the following goods:

• Motor-vehicles
• Sea craft
• Works of art
• Antiques
• Immovable property
• Jewellery, precious metals, precious stones, and pearls

Cash payments below €10,000 are not restricted.

The Regulations do not restrict the amount of cash that can be used on goods other than those mentioned above.

The Regulations do not restrict payments made through means other than cash.

The term ‘cash’ refers to physical notes and coins. The Use of Cash (Restriction) Regulations prohibit the use of cash, i.e., using physical banknotes and coins to pay a sum of €10,000 or more. The term ‘cash’ does not include other forms of payment such as cheques, card payments or bank transfers. Hence, payment by means other than physical banknotes and coins is not limited or restricted by the Regulations.

No. The Use of Cash (Restriction) Regulations do not have a retroactive application. This means that the Regulations apply only to those transactions (whether linked or otherwise), made in cash from the day the law came into force, i.e. from 9 March 2021 onwards.

No. These regulations apply only to the buyer and the seller involved in a transaction concerning the purchase or sale of any of the items listed in the Regulations (i.e., immovable property, antiques, works of art, sea craft, motor vehicles, jewellery, precious stones, precious metals and pearls), when payment of €10,000 or more is carried out in cash. However, a bank may have other obligations under different laws which may require it to establish how funds deposited were generated and/or the reason behind certain transactions. This would be the case with the on-going monitoring obligations under the Prevention of Money Laundering and Funding of Terrorism Regulations.

No. The restrictions apply only on the goods that are listed in the Regulations. This means that other goods such as furniture can be paid for in cash without any restriction on the amount as long as the furniture in question does not fall to be considered as antiques.

For the purpose of the Regulations, the term ‘jewellery’ refers to personal ornaments made in whole or in part, or covered with gold, silver, platinum or other precious metals and/or, set with diamonds, precious stones or pearls, and wrist watches.

For the purpose of the Regulations the term ‘precious metals’ refers to gold, platinum, palladium and silver in the pure state and their alloys.

For the purpose of the Regulations the term ‘precious stones’ refers to substances with gem quality and market-recognised beauty, rarity, and value. They include diamonds, sapphires, rubies, and emeralds.

A sea-craft is any ship, boat, pleasure yacht and any other form of sea-craft which is used in navigation.

Any self-propelled road vehicle which is normally used for carrying persons or goods on the road. This includes cars, motorcycles, buses, trucks, and construction vehicles. The vehicle can be in both new and second-hand condition.

The term ‘antiques’ refers to works of art or objects of geological, paleontological, archaeological, or antiquarian importance, which are at least one hundred years old.

No. The restriction also applies when payment is made in cash in any other currency. The limit on the amount of that currency that can be paid in cash is the equivalent of €9,999.99.

No. The Regulations apply to any person transacting in cash (i.e. coins and banknotes), whether they are buying or selling.

Yes. These Regulations apply also in cases of private, non-commercial transactions. E.g.: A person selling their used personal vehicle through a social media website would have to abide by the Regulations and would, together with the buyer, be committing a criminal offence if the seller were to accept cash as payment in excess of €9,999.99 from the buyer.

Linked transactions consist of two or more transactions which have the following three elements:

• They are performed by the same individual(s)
• They have a similar or linked purpose
• They are carried out within a six-month period

Example of a linked transaction:

Two cash payments of €7,000 each, one carried out in June and the other in August, to pay for the same car, would constitute a linked transaction. This is because they are performed by the same individual, have a similar or linked purpose (the same car), and are carried out within a six month period.

No. Even multiple items purchased in a single transaction are considered as linked.

Examples:
a) Trader ‘A’ is an antique dealer and acquires a lot of Melitensia items. The seller requests payment in cash. Individually the items are priced well below the EUR 9,999.99 but collectively they exceed the said amount. If Trader ‘A’ were to accede to the seller’s request, the two of them would be breaching the Regulations.

b) Trader ‘B’ is a car dealer. In January an individual acquires a car from Trader ‘B’ with the intention to use the same for a new taxi service. In March of the same year, the same individual acquires a further vehicle from Trader ‘B’ for the same purpose. Individually the vehicles did not exceed EUR 9,999.99 but taken together they do. While it is possible for payment for the first vehicle to have taken place in cash, this is not possible with respect to the second one as it would result in a breach of the Regulations. The two transactions meet the conditions to be considered as linked.
Two cash payments of €7,000 each, one carried out in June and the other in August, to pay for the same car, would constitute a linked transaction. This is because they are performed by the same individual, have a similar or linked purpose (the same car), and are carried out within a six month period.

If an individual purchases any of the goods listed under regulation 3(1) (vehicles/seacraft/works of art/antiques/immovable property/jewellery/pearls/precious metals and stones), and within a 6-month period purchases once again the same good from the same seller, for the same purpose, that purchase is considered as linked. Furthermore, if both cash payments combined amount to €10,000 or more, then such payments would be in breach of the Use of Cash (Restriction) Regulations.

No. If transactions involve different sellers, they would not be considered linked, since the transactions would not have taken place between the same parties.

No. If the purchasers are not the same person, then the transactions are not deemed to be linked.

There could be situations where a buyer is carrying out a transaction on behalf of someone else, possibly to prevent detection of linked transactions.

One example of this is as follows: Person A buys a vehicle from Trader B in March 2021. 3 months later, Person C buys a vehicle from the same Trader B, but registers the vehicle under Person A. In this case, Person C is buying the vehicle on behalf of Person A, and so these transactions are considered to be linked.

Whenever traders are aware that methods are being applied by the person making the payment or transaction to circumvent the law, such as through (but not limited to), the aforementioned example, the trader must consider such transactions as linked. Otherwise, if traders knowingly partake in such methods, they will also be in breach of the Regulations, as a party who has received the payment.

Yes. Multiple payments in cash made in respect of the same good, are to be deemed linked when they occur over the same 6-month period and involve the same parties. This applies even if a payment is made as a deposit or relates to bills of exchange.

No. These regulations do not have a retroactive application, so transactions which took place before the regulations came into force are not considered linked to transactions that took place after the date.

Example: €9,000 were paid in cash to purchase a work of art before the coming into force of the said Regulations, and a further €2,000 were paid in cash with respect to the same purchase after the coming into force of the regulations. Since the first transaction of €9,000 was paid before 9th March 2021, it is not linked to the second transaction.

1. That individual will be guilty of an offence and on conviction will be liable to a fine of not less than 40% of the sum paid, received, or transacted in cash that was in excess of €9,999.99.

Example: If an individual purchased a vehicle using €18,000 in cash, the amount of €8,000.01 is in excess of the €9,999.99 limit permitted by the Regulations. The value of the fine for this breach will be a minimum of 40% of those €8,000.01 which were paid in excess, which in this case would amount to a minimum of €3,200.

The penalty would apply to both the purchaser and the seller.

2. In addition to the fine, the FIAU may recommend to any relevant authority, body or committee responsible for the authorisation, licensing, registration, or regulation of the trader concerned, to take any further action within its powers and remit as deemed suitable and appropriate by the said authority, body, or committee.

3. When the person found guilty of the offence is the director, manager or an officer who exercises executive functions in a company or any other undertaking, that person shall be deemed to be vested with the legal representation of the company or undertaking. In such a scenario, the company or undertaking shall be liable together with the individual found guilty.

The Regulations also allow the possibility of settling the matter administratively through the payment of an administrative penalty as an alternative to criminal proceedings. For this to take place, the following are required:

• The consent of the Attorney General;
• An agreement is reached between the parties concerned prior to being charged in court; and
• Payment of the relative administrative penalty

An administrative settlement is prohibited in the following situations:

• Where the sum of the payment transacted in cash exceeds €100,000.
• In the case of a person who has previously been found guilty of an offense against the Regulations, unless three (3) years have elapsed from the date of such judgement.
• In the case of a person who has previously benefited from an administrative settlement, unless three 3 years have elapsed from the previous settlement agreement.

If an individual makes a false declaration/representation or produces false/incomplete information or documentation, such individual would be guilty of an offence and if convicted shall be liable to a fine of not more than €25,000.

Yes, the transaction is still valid. Acting in contravention of these regulations will not impact:

-The legal validity of the payment or transaction

-The contractual obligation in respect of which the payment or transaction were carried out.

This means that all parties to the payment or transaction shall be bound by their contractual obligations even if the payment is in breach on the Regulations.

The FIAU has the function to monitor and to ensure compliance with this regulation. Thus, it can carry out on-site examinations on traders of high-value goods to which the Regulations apply and notaries, and may require them to answer any questions and provide the information or documentation that may be needed.

The FIAU is also empowered to issue binding procedures and instructions on how traders and notaries are to comply with their obligations under the Regulations.

Failure by traders and notaries to abide by the procedures and requirements issued by the FIAU will result in an administrative penalty of not more than €5,000. The FIAU may issue a warning in writing instead of an administrative penalty.

Subject persons are to gather all the required information to submit an STR. When this information is not readily available, the subject person is to try and acquire it from the source itself, paying close attention to the methods used to avoid tipping off. Subject persons are reminded that tipping off is a criminal offence. Therefore, they are expected to be tactful when requesting further information relating to the transaction that the customer is trying to effect. When information is not being provided, subject persons should submit the STR noting the difficulties in obtaining the required information/documentation. They should also consider whether to retain the relationship or not. Moreover, in cases where subject persons acquire further information in relation to a previously submitted STR, they can do so by submitting an ‘additional information file’ report through goAML.

Subject persons are to remember the difference between ML/FT and AML/CFT. ML/FT are criminal offences which can be committed by anyone. AML/CFT are targeted measures, procedures, and processes to use by subject persons to detect and prevent possible money laundering and terrorism financing. They also to protect their operations from abuse by money launderers and to protect the jurisdiction from exposure to ill-gotten gains.

Administrative measures, including penalties, are imposed for the subject persons’ lack of adherence to AML/CFT regulations. Compliance with AML/CFT obligations ensures that subject persons have the necessary risk understanding, and controls to manage and mitigate risks, as well as to report suspicious transactions or activities. The aim is to prevent ML/FT from happening, and therefore, subject persons must be vigilant for any red flags, trends and typologies of ML/FT. Money laundering, and the punitive acts for committing, attempting or aiding these crimes is outside the remit of the FIAU.  The role of the unit is to ensure compliance with AML/CFT obligations. However, failure to abide with ones AML/CFT obligations can increase the risk of unintentionally facilitating ML/FT. Any gaps and deficiencies in a subject person’s controls may facilitate ML/FT attempts by its customers. Therefore, subject persons must have adequate mitigation measures, controls, policies and procedures to reduce the chances/risks of ML/FT taking place. Proof of ML/FT is not required to confirm a breach. However, administrative penalties imposed for failures to implement the necessary controls, take into account the risk of unintentionally facilitating ML/FT.

Specific to this question, the tool considers several related factors. It factors in the overall level of regard to AML/CFT obligations, considers incidents of past non-compliance and the level of commitment to comply. In addition, the tool factors in the enhanced controls implemented or committed to be implemented by the subject person after having identified the failures.  Furthermore, it factors in the level of cooperation by the subject person, throughout the whole supervisory review and enforcement process. The commitment to remediate or evidence of remediation having been undertaken is also considered as positive. Therefore, there is an element of proportionality, because the amount of the penalty imposed is commensurate to the breach committed by the subject person. However, it also factors in the level of compliance after the failures committed were identified and pointed out. In view of this, one of the administrative measures imposed by the Compliance Monitoring Committee is to issue directives to take remedial actions. This is aimed at increasing compliance, through guided and supported corrective actions. The intention of administrative penalties is to always be proportionate, effective, and dissuasive, thus ensuring that subject persons do not commit breaches in the future.

Subject persons must pay close attention to the jurisdictions their customers have links with. Jurisdictions included in the FATF list are to be considered as being non-reputable jurisdictions since they have deficiencies in the AML/CFT measures adopted. Non-reputable jurisdictions must always be regarded as high-risk jurisdictions since these have deficiencies in their national AML/CFT regimes or inappropriate and ineffective measures for the prevention of ML/FT. Therefore, in cases where subject persons are servicing customers with links to these non-reputable jurisdictions, they should consider this as a high-risk factor and are legally obliged to carry out EDD measures. The subject person must, however, assess the link with these jurisdictions. If, for example, the corporate customer is registered in such a jurisdiction and transactions are passing from it, that relationship poses a heightened risk. Therefore, it merits the implementation of EDD measures specifically focused on monitoring the transactions being made, their source and rationale. However, if the link materialises from the place of birth of the Beneficial Owner (BO) or Senior Management Official (SMO) of the company, and no other links are identified with that jurisdiction, there would be no need to implement enhanced due diligence measures but to remain vigilant in case of any subsequent exposure to the jurisdiction.

This depends on the service being offered by the insurance intermediary, and the type of intermediary. If the intermediary has facilitated the initial sale of the policy, but is in no way involved in its renewal, servicing, or redemption (save for the annual brokerage fee) than this is considered to be an occasional transaction. However, if the insurance intermediary is involved in the policy renewal, servicing, or redemption than the intermediary would have a business relationship with the customer. It is also important to note that Tied insurance intermediaries who do not accept client monies but simply facilitate the sale of the policy do not fall under the definition of a subject person.

Senior management approval for a business relationship with a PEP is a legal requirement at onboarding. Once this approval has been granted, subject persons are to adopt a risk-based approach. Further senior management approval would be required in cases where material changes are identified within the business relationship, following its close monitoring. A change in the business relationship with the PEP, such as offering a new product/service, might also require re-approval by senior management, this should be done on a risk-sensitive basis.

When establishing the source of wealth of a customer in the remote gaming sector, one must trace the origins of the funds being deposited by the player. When recycled winnings are involved, subject persons are to ensure that they understand the source of the original deposits (in cases where the deposits are of a substantial amount or do not align with the customer’s profile). This must be seen considering the source of funds information at the subject person’s disposal, including information on the player’ income streams and employment. Generic statements are not sufficient and must be substantiated with more details and on a risk sensitive basis supported by documentary evidence. Therefore, subject persons are to ensure that they retain enough information on file to build a comprehensive customer business and risk profile. In cases where it is evident that the information provided does not cover the deposits transacted, the subject person is required to inquire further and determine how the funds originated.

This depends on from where the risk is originating. If the risk relates to transactions being effected by the customer, and the invoice obtained provides the necessary information on the transaction, and the google search carried out provides reassurance of either the veracity of the parties involves or the product being sold, then this would be deemed sufficient. Subject persons are to remember that the EDD documentation collected is to be reviewed and assessed to further understand the customer’s behaviour and activity. In cases where this is not sufficient, additional documentation must be requested.

The FIAU cannot go into the merits as to how this failure should be penalised as there are other Authorities responsible for this. There is also no obligation to report the non-filing of financial statements to the FIAU. However, this should be considered as a red flag  to be considered in conjunction with other factors. If there are more red flags present which give rise to the suspicion of possible ML/FT occurring, subject persons are expected to submit an STR to the FIAU. Therefore, the non-filing of financial statements should not be seen independently, therefore, the subject person is expected to consider the customer’s profile holistically, taking into consideration any possible further red flags.

Article 28 of the PMLA allows the FIAU one working day following the day on which the TRN reporting takes place, for it to issue a suspension or postponement order (if required). There is no reference to any specific timeframe. However, the FIAU is conscious of this and issues these orders if necessary within a reasonable time. It is important to note that if the TRN Report is submitted on Friday, the next working day allowed to the FIAU would be Monday.

The definition of BO is based on a three-tiered test:

Tier 1 – Ownership through direct or indirect means, by holding 25% plus one of the shares, or more than 25% of the voting rights or of the ownership interest in the customer.

Tier 2 – Control through other means. This test is to be applied independently of whether an individual under Tier 1 was identified. It may result in the identification of additional BOs where the SP has reason to believe that another person/s is/are exercising ultimate control over the running of the body corporate or its management through means other than ownership.

Tier 3 – Senior managing official. If, after having exhausted all possible means, no BO as defined under the previous two tiers is identified, the senior managing officials are to be considered as BOs.

Therefore, although this is a 3-tier test, Tier 1 and Tier 2 are not mutually exclusive and it is possible to have situations where one or more BOs are identified under both tiers for the same body corporate. Even within Tier 1 there could be additional BOs in view of their voting rights or because of their ownership interest. It is important to emphasise that, SPs should consider whether there is anyone else exercising control over the body corporate, even when they have already identified one or more BOs under the Tier 1 test.

It is pertinent to clarify that companies would be listed on a stock exchange and not their BO. However, the FIAU understands that the respective BOs of a listed company would be known due to the applicable transparency requirements. In cases where the entity that is listed is the customer or is the holding company of the customer, then no BO identification is required. Subject persons are only obliged to ensure that the company is in fact listed on a regulated market with disclosure requirements in line with EU law. This said, subject persons must remain vigilant of any actions taken by the stock exchange, in relation to repeated failures by the listed entity to abide by the disclosure requirements.

There is no obligation to screen close associates of customers, or individuals/entities with whom the customer is transacting. However, this may be one of the measures the subject person opts to implement in the event a transaction is flagged for review.

There is no single definition to define complexity in corporate structures. Legal arrangements such as trusts and foundations, as well as having multiple jurisdictions involved in a structure may be considered as elements constituting complex corporate structures. While having multiple layers in a particular structure may be a signal of complexity, it is more prudent to understand the details of the layers, especially in relation to any legal arrangements involved and the jurisdiction exposure. Servicing a complex structure which serves no legitimate commercial purpose could increase the risk of ML/FT. Therefore, subject persons would be expected to implement the necessary controls to mitigate arising risks.

In line with Section 3.5.1(a) of the Implementing Procedures, subject persons are required to consider whether a customer and/or its beneficial owner has been the subject of adverse reports linking them to crime, especially financial crime, and/or terrorism. When considering adverse media, subject persons are expected to consider different factors including, the nature of the adverse media, its impact, the source of the adverse media and how persistent this is.

The Implementing Procedures do not provide a specific timeframe as to how far back historically should negative media be considered. This depends on the individual case, taking into consideration all its elements, as well as the abovementioned factors. Additionally, subject persons are expected to consider the availability of any new reports or more recent media information demonstrating that the information provided earlier had no basis or was not as serious as originally portrayed.

Whilst the purpose of the business relationship would be obvious, i.e. that of investing, subject persons are to keep in mind that the obligation of the purpose and intended nature of the business relationship attaches with it the obligation to collect information on the source of wealth and source of funds. This is especially important in the realm of PIFs since the amounts being invested are normally of a substantial nature.

The FIAU has only issued one penalty on a specific individual and this since normally, the breaches identified are the direct responsibility of the subject person. Even in cases where the MLRO does not have sufficient experience, it is the responsibility of the subject person to ensure that it appoints an individual who has sufficient seniority and command. Therefore, in these scenarios, the FIAU works closely with other authorities to either ensure that the officers are provided with more training, or else to ensure that the MLRO is replaced. For penalties to be imposed on individuals, it would require the actual hindering of or unwarranted intrusiveness into the compliance function of the entity, or gross negligence on the part of the individual leading to the failure to submit suspicious reports to the FIAU.

One of the administrative measures that may be imposed by the FIAU is the issuance of a directive on the subject person to ensure the remediation of breaches identified. When it comes to Reporting, a subject person may be requested to provide updated policies and procedures on STR/SAR reporting to the FIAU. For MLROs, further training may be required. There may be cases where, as explained in the previous question, action is taken on the MLRO itself independently of any action on the subject person. More information in relation to the MLRO can be found in the guidance note issued by the FIAU in April 2022 entitled ‘Common Issues related to the Money Laundering Reporting Officer’.

The collection of expected activity is mainly driven by the need to have a benchmark by which to compare transactional activity. This is particularly useful given that in the gaming sector there are instances where source of wealth information is not necessarily a requirement (when the customer is low risk).

Expected activity (frequency and value of transactions) tends to be collected directly from the customer. While, information pertaining to the customer’s income and employment should be considered distinct from expected activity, if the subject person had collected such information on income and employment (including from statistical models when the customer is not high risk), this information is being considered as a sufficient proxy of the level of expected activity of their customers.

The FIAU is currently looking into this to provide additional clarity on the matter.

As per Section 3.1 (iii) of the Implementing Procedures Part II for the gaming sector, in developing a customer business and risk profile, licensees may also consider using statistical data to develop behavioural models against which to eventually gauge a customer’s activity, rather than collect source of wealth information. Therefore, the subject person may make use of statistical models (in scenarios which do not present a high-risk) mainly to understand the source of wealth of the customer. There might be instances, however, in which such statistical models may also help in understanding the expected level of activity. More information in relation to this, can be found in Question 19 above.

This refers to scenarios where the actual beneficial owner is not identified, since new shareholders are added to the structure so that no one holds 25% plus one of the shares. Senior management officials are then to be identified as the company’s BOs (since as per Section 4.3.2.3 (v) of the Implementing Procedures, the Senior management official should be identified as BO when the subject person has exhausted all possible means to identify one through Tier 1 and Tier 2). This could be identified because the individual would be actively involved in the decisions of the company or is actively funding the operations of the company without having any apparent financial interest in it. Therefore, subject persons are reminded that if someone is believed to have retained control independently of the percentage of shares or voting rights held, then that individual is to also be identified as the BO of the entity.